If I correctly understand the concept of a "brain wallet" in Bitcoin, you start with a passphrase, generate the hash of the passphrase, then somehow derive a public / private key from that to use as your Bitcoin identifier.

This conflicts with what I understand about key pairs... namely that they are special... not every number is qualified to be part of a key pair because there are requirements related to prime factorization. So how can the "brain wallet" algorithm work, since the hash could be any number?

You could simply seed the PRG used by your key generation algorithm using the hash you computed. That way the key-generation algorithm will always generate the same keypair.
– Maeher, Apr 26 '13 at 13:35


Factorization only applies to RSA, not to ECC. For ECDSA a private key is just a number in a certain range. Numbers outside of that range can be mapped into the range with the modulo operator.
– CodesInChaos, Apr 26 '13 at 13:42

1 Answer

Bitcoin doesn't use RSA, it uses ECDSA. Every 256-bit value is a valid private key. (Though a very small fraction of them have to be folded.)

But even if the numbers had to be special, it still wouldn't matter. You could use every 256-bit value as a seed to a pseudo-random number generator which you could use to deterministically generate numbers that had whatever properties you need.

You can also trivially create schemes to generate numbers that do have needed properties from passphrases. For example, Ripple uses a scheme like the following:
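
The Ripple scheme referred to above is not reproduced on this page. Separately, as an added example that is not part of the original answer and is not Ripple's or Bitcoin's own code, the sketch below shows the two ideas from the thread on secp256k1: folding a hash into the valid private-key range, and using the hash as a seed that is retried deterministically. The choice of SHA-256, the `fold` mapping and the 4-byte counter are assumptions made for illustration.

```python
import hashlib

# secp256k1 domain parameters (the curve Bitcoin uses for ECDSA).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def fold(value):
    """Map any non-negative integer into the private-key range [1, N-1]."""
    return value % (N - 1) + 1

def derive_by_fold(passphrase):
    """Hash the passphrase, then fold the 256-bit digest into range."""
    digest = hashlib.sha256(passphrase.encode()).digest()
    return fold(int.from_bytes(digest, "big"))

def derive_by_retry(passphrase):
    """Treat the hash as a seed; try seed||counter until a value is in range."""
    seed = hashlib.sha256(passphrase.encode()).digest()
    counter = 0
    while True:
        block = hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        candidate = int.from_bytes(block, "big")
        if 1 <= candidate < N:
            return candidate
        counter += 1

def point_add(a, b):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        m = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        m = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (m * m - x1 - x2) % P
    return (x3, (m * (x1 - x3) - y1) % P)

def public_key(d):
    """Double-and-add d*G (not constant time; for illustration only)."""
    result, addend = None, G
    while d:
        if d & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        d >>= 1
    return result

def on_curve(pt):
    return (pt[1] ** 2 - pt[0] ** 3 - 7) % P == 0
```

Every scalar either function returns lies in [1, N-1], so `public_key` always yields a valid curve point; no primality or factorization property is involved.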